Vulnerabilities > Alfresco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-04 | CVE-2020-18327 | Cross-site Scripting vulnerability in Alfresco 5.2 Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. | 4.3 |
| 2021-10-21 | CVE-2021-41790 | Unspecified vulnerability in Alfresco Content Services 7.0/7.0.0.1/7.0.0.2 An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. | 6.5 |
| 2021-10-21 | CVE-2021-41791 | Cross-site Scripting vulnerability in Alfresco Community Share and Share An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. | 3.5 |
| 2021-10-21 | CVE-2021-41792 | Server-Side Request Forgery (SSRF) vulnerability in Alfresco products An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. | 5.0 |
| 2020-09-18 | CVE-2020-15181 | Unspecified vulnerability in Alfresco Reset Password The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. | 10.0 |
| 2020-09-17 | CVE-2020-25728 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Alfresco Reset Password The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. | 6.5 |
| 2020-03-02 | CVE-2020-8778 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | 3.5 |
| 2020-03-02 | CVE-2020-8777 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | 3.5 |
| 2020-03-02 | CVE-2020-8776 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | 3.5 |
| 2019-12-02 | CVE-2019-19496 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. | 3.5 |